Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS60458.roa
File:                     AS60458.roa (raw, json)
Hash identifier:          ZItLbkD7wfAtLt9OgjiGo9BI0QTo4oHSmraJuZ9e+Rg=
Subject key identifier:   D7:68:34:D7:DD:55:FD:E8:62:69:20:9E:5B:24:1B:89:6C:B5:C7:DB
Certificate issuer:       /CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
Certificate serial:       3018286C36B08AA651477C02881A2461DC08A5C9
Authority key identifier: 61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS60458.roa
Signing time:             Sat 26 Aug 2023 00:00:25 +0000
ROA not before:           Fri 25 Aug 2023 23:55:25 +0000
ROA not after:            Sat 24 Aug 2024 00:00:25 +0000
asID:                     60458
IP address blocks:        191.101.151.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 06 May 2024 17:00:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            30:18:28:6c:36:b0:8a:a6:51:47:7c:02:88:1a:24:61:dc:08:a5:c9
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=61b1bb4447718f16b3d36675d205c4dea41bba0a
        Validity
            Not Before: Aug 25 23:55:25 2023 GMT
            Not After : Aug 24 00:00:25 2024 GMT
        Subject: CN=D76834D7DD55FDE86269209E5B241B896CB5C7DB
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:76:cc:e8:1e:d8:62:ec:e7:a2:44:52:a4:6e:
                    7d:f1:6a:c1:aa:af:c3:f4:49:b8:4d:82:7f:08:d3:
                    94:c4:0d:4b:74:14:34:44:ca:a9:e8:62:d4:b5:4b:
                    00:88:05:97:fb:b7:e3:3c:29:c8:e7:17:c8:5f:c4:
                    ec:77:d6:82:e1:d9:09:77:15:91:a9:6c:8b:71:a3:
                    39:2e:7f:a5:38:41:86:a6:57:d4:4b:5d:40:17:89:
                    78:d6:aa:b5:e9:53:a1:b0:5b:84:cf:de:34:fb:0d:
                    96:62:ce:28:d1:eb:3d:97:36:43:bb:bb:3f:ac:a7:
                    13:6d:b0:c1:a8:67:10:0b:91:43:60:77:70:d8:3e:
                    0d:35:13:43:0f:55:ae:e0:6d:f3:c8:ba:bf:61:1f:
                    58:e5:09:11:71:e6:1f:f4:25:d0:cb:2c:db:58:96:
                    d8:e1:d1:92:ce:87:ca:21:93:3e:95:3e:29:c9:5d:
                    c9:29:72:7f:af:55:81:b1:d7:3a:70:66:02:26:ee:
                    48:41:4c:a6:35:e5:b6:c3:2f:0e:eb:87:a7:41:31:
                    f8:36:ba:14:ec:65:3d:cc:87:fa:6d:8d:9e:bf:14:
                    47:e6:4a:d3:9b:44:1a:61:09:90:ea:9e:c3:f4:3c:
                    d2:9a:88:9c:92:cf:aa:50:26:f4:8a:2c:91:15:24:
                    28:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:68:34:D7:DD:55:FD:E8:62:69:20:9E:5B:24:1B:89:6C:B5:C7:DB
            X509v3 Authority Key Identifier:
                keyid:61:B1:BB:44:47:71:8F:16:B3:D3:66:75:D2:05:C4:DE:A4:1B:BA:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/61B1BB4447718F16B3D36675D205C4DEA41BBA0A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YbG7REdxjxaz02Z10gXE3qQbugo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/537459e7-2a83-43d1-9aa1-58417abac4b6/1/AS60458.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  191.101.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         49:ec:ad:de:eb:ef:fd:f9:fd:46:39:b2:14:11:32:a2:dc:37:
         65:27:c5:e3:91:cc:78:a7:91:b2:9b:61:69:7c:a0:50:81:a7:
         5f:92:1f:68:5a:e1:76:7a:1e:25:6b:f4:a5:b7:79:33:30:2e:
         3a:d2:37:73:b2:db:58:46:9b:5d:a9:d5:5b:67:4e:e3:11:27:
         0f:a9:55:5b:d6:f9:d4:85:dd:dc:73:c0:fe:3a:a8:fc:4d:50:
         b8:b1:b7:8f:0a:44:b2:7b:2c:ba:8e:ca:30:68:5e:89:a8:7a:
         a5:66:53:71:5a:30:71:fa:82:c2:29:4d:43:71:55:b0:d6:ef:
         e7:8b:bd:fd:c5:b1:6f:11:8d:da:41:f1:84:01:d2:68:bc:b4:
         9f:98:0b:ab:e1:c8:6e:9a:9e:4f:2f:4c:b7:cf:6a:32:2d:4c:
         ae:47:d2:be:a1:3d:2d:f6:b4:43:98:d5:c3:ff:42:74:59:e5:
         48:2e:34:24:67:50:a1:81:2c:70:b7:98:d8:d4:09:26:b3:d1:
         85:d5:a3:83:1e:b1:ce:f1:8b:16:f8:05:7e:76:cc:bc:96:2c:
         e8:ff:f2:3c:f9:80:eb:93:b4:67:31:cb:d2:ac:b9:3d:1e:3a:
         e0:5b:3f:3e:92:a4:af:d6:0b:72:7e:35:d8:fa:9c:ea:6d:5a:
         d7:4c:dd:a6
-----BEGIN CERTIFICATE-----
MIIE/zCCA+egAwIBAgIUMBgobDawiqZRR3wCiBokYdwIpckwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoNjFiMWJiNDQ0NzcxOGYxNmIzZDM2Njc1ZDIwNWM0ZGVh
NDFiYmEwYTAeFw0yMzA4MjUyMzU1MjVaFw0yNDA4MjQwMDAwMjVaMDMxMTAvBgNV
BAMTKEQ3NjgzNEQ3REQ1NUZERTg2MjY5MjA5RTVCMjQxQjg5NkNCNUM3REIwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDQdszoHthi7OeiRFKkbn3xasGq
r8P0SbhNgn8I05TEDUt0FDREyqnoYtS1SwCIBZf7t+M8KcjnF8hfxOx31oLh2Ql3
FZGpbItxozkuf6U4QYamV9RLXUAXiXjWqrXpU6GwW4TP3jT7DZZizijR6z2XNkO7
uz+spxNtsMGoZxALkUNgd3DYPg01E0MPVa7gbfPIur9hH1jlCRFx5h/0JdDLLNtY
ltjh0ZLOh8ohkz6VPinJXckpcn+vVYGx1zpwZgIm7khBTKY15bbDLw7rh6dBMfg2
uhTsZT3Mh/ptjZ6/FEfmStObRBphCZDqnsP0PNKaiJySz6pQJvSKLJEVJChfAgMB
AAGjggIJMIICBTAdBgNVHQ4EFgQU12g0191V/ehiaSCeWyQbiWy1x9swHwYDVR0j
BBgwFoAUYbG7REdxjxaz02Z10gXE3qQbugowDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNTM3NDU5ZTctMmE4My00M2QxLTlhYTEtNTg0MTdhYmFj
NGI2LzEvNjFCMUJCNDQ0NzcxOEYxNkIzRDM2Njc1RDIwNUM0REVBNDFCQkEwQS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL1liRzdSRWR4anhhejAyWjEwZ1hFM3FR
YnVnby5jZXIwegYIKwYBBQUHAQsEbjBsMGoGCCsGAQUFBzALhl5yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzUzNzQ1OWU3LTJhODMt
NDNkMS05YWExLTU4NDE3YWJhYzRiNi8xL0FTNjA0NTgucm9hMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgABMAYDBAC/ZZcw
DQYJKoZIhvcNAQELBQADggEBAEnsrd7r7/35/UY5shQRMqLcN2UnxeORzHinkbKb
YWl8oFCBp1+SH2ha4XZ6HiVr9KW3eTMwLjrSN3Oy21hGm12p1VtnTuMRJw+pVVvW
+dSF3dxzwP46qPxNULixt48KRLJ7LLqOyjBoXomoeqVmU3FaMHH6gsIpTUNxVbDW
7+eLvf3FsW8RjdpB8YQB0mi8tJ+YC6vhyG6ank8vTLfPajItTK5H0r6hPS32tEOY
1cP/QnRZ5UguNCRnUKGBLHC3mNjUCSaz0YXVo4Mesc7xixb4BX52zLyWLOj/8jz5
gOuTtGcxy9KsuT0eOuBbPz6SpK/WC3J+Ndj6nOptWtdM3aY=
-----END CERTIFICATE-----